PyDFIR / pyDFIRRam
PyDFIRRam is a Python library leveraging Volatility 3 to simplify and enhance memory forensics. It streamlines the research, parsing, and analysis of memory dumps, allowing users to focus on data rather than commands.
⭐ 25 · Updated last month
Related projects
Alternatives and complementary repositories for pyDFIRRam
- Ansible + Vagrant + Hyper-V + Vulnerable AD 🏗 ⭐ 88 · Updated 2 months ago
- linikatz is a tool to attack AD on UNIX ⭐ 137 · Updated last year
- A complete table of results of type comparisons in multiple languages ⭐ 25 · Updated 2 years ago
- GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city. ⭐ 144 · Updated 11 months ago
- Source for kiosk.vsim.xyz -- tooling for browser-based, Kiosk mode testing. ⭐ 25 · Updated 5 months ago
- RDE1 (Rusty Data Exfiltrator) is a client and server tool allowing an auditor to extract files over the DNS and HTTPS protocols, written in Rust. … ⭐ 40 · Updated last year
- All kinds of tiny shells ⭐ 59 · Updated last year
- Memory mapping profiles for forensic analysis using Volatility 2 ⭐ 45 · Updated 2 years ago
- A Python script to automatically list vulnerable Windows ACEs/ACLs. ⭐ 42 · Updated 2 months ago
- A comprehensive workshop aimed to equip participants with an in-depth understanding of modern Command and Control (C2) concepts, focusing… ⭐ 97 · Updated last year
- PowerShell Linter ⭐ 46 · Updated last month
- Repository of YARA rules ⭐ 88 · Updated 3 weeks ago
- This is a simulation of an attack by the Fancy Bear group (APT28) targeting high-ranking government officials in Western Asia and Eastern Europe ⭐ 28 · Updated 4 months ago
- Go setter/getter for the property ms-Mcs-AdmPwd used by LAPS. ⭐ 12 · Updated 7 months ago
- A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files ⭐ 123 · Updated 5 months ago
- A full CTF website server & frontend | Extremely customizable ⭐ 53 · Updated 6 months ago
- Local & remote Windows DLL proxying ⭐ 161 · Updated 4 months ago
- A Python module to explore the object tree to extract paths to interesting objects in memory. ⭐ 78 · Updated 8 months ago
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file. ⭐ 120 · Updated last week
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on ⭐ 81 · Updated 6 months ago
- Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs… ⭐ 46 · Updated 10 months ago
- A collection of small scripts and tools for deobfuscation and malware analysis. ⭐ 65 · Updated last year